Bump github.com/evanphx/json-patch from 4.12.0+incompatible to 5.9.11+incompatible

[dependabot]

Bumps github.com/evanphx/json-patch from 4.12.0+incompatible to 5.9.11+incompatible.

Release notes

Sourced from github.com/evanphx/json-patch's releases.

v5.9.11

What's Changed

• Export errBadJSONDoc and errBadJSONPatch errors by @​skitt in evanphx/json-patch#209

Full Changelog: evanphx/json-patch@v5.9.10...v5.9.11

v5.9.10

What's Changed

• Drop the reference to gopkg.in for v5 by @​skitt in evanphx/json-patch#203
• remove unmaintained errors pkg(github.com/pkg/errors) by @​koba1t in evanphx/json-patch#206

New Contributors

• @​skitt made their first contribution in evanphx/json-patch#203
• @​koba1t made their first contribution in evanphx/json-patch#206

Full Changelog: evanphx/json-patch@v5.9.0...v5.9.10

v5.9.0

What's Changed

• Validate that the partialDoc is decoded correctly by @​evanphx in evanphx/json-patch#201
• Add option to control if the output is HTMLEscaped by @​evanphx in evanphx/json-patch#202

Full Changelog: evanphx/json-patch@v5.8.1...v5.9.0

Fix API breakage

This PR fixes Operation containing a reference to internal/json and breaking the ability to manually compose one. This restores that ability using a type alias.

Full Changelog: evanphx/json-patch@v5.8.0...v5.8.1

Blargh Phixs and Empathyprovements

This release fixes a few stray panics, addresses large number accuracy, and improves performance!

What's Changed

• Compare strings after decoding them to handle unicode correctly. Fixes #172 by @​evanphx in evanphx/json-patch#195
• Always use UseNumber() to avoid float64 lossyness by @​evanphx in evanphx/json-patch#194
• Handle null correctly when introduced by replace. Fixes #171 by @​evanphx in evanphx/json-patch#196
• Handle from="" more properly. Fixes #192 by @​evanphx in evanphx/json-patch#193
• Improve performance by @​evanphx in evanphx/json-patch#197

Full Changelog: evanphx/json-patch@v5.7.0...v5.8.0

The 2023 Release

What's Changed

• Fix invalid sprintf by @​howardjohn in evanphx/json-patch#152
• Add CIFuzz GitHub action by @​DavidKorczynski in evanphx/json-patch#167
• README: Remove Travis by @​ohkinozomu in evanphx/json-patch#164
• Updated min supported version to go 1.18 by @​Neo2308 in evanphx/json-patch#181
• Added dependabot by @​Neo2308 in evanphx/json-patch#182

... (truncated)

Commits

• 84a4bb1 Merge pull request #209 from skitt/export-errs-v5
• 7a7a88a Export errBadJSONDoc and errBadJSONPatch errors
• bd18525 Upgrade go-flags
• 42f26cb Fix spacing
• 0a3482b Merge pull request #206 from koba1t/remove_unmaintained_error_pkg
• 106306d remove unmaintained errors pkg
• e7cfbbb Merge pull request #203 from skitt/drop-gopkgin-v5
• 61e1ad7 Drop the reference to gopkg.in for v5
• b7a4e4a Merge pull request #202 from evanphx/f-html-escape
• 7eef36c Guard using options to avoid a crash bug
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🚨 Major Version Update Detected 🚨

This PR contains a major version update that requires manual review:

• Dependency: github.com/evanphx/json-patch
• Previous version: 4.12.0+incompatible
• New version: 5.9.11+incompatible

Please review the changelog and breaking changes before merging.

Auto-merge has been disabled for this PR.

[coderabbitai]

Walkthrough

Bumped github.com/evanphx/json-patch in go.mod from v4.12.0+incompatible to v5.9.11+incompatible and removed an indirect github.com/pkg/errors v0.9.1 // indirect entry; no other module directives were changed.

Changes

Cohort / File(s)	Summary
Dependency updates go.mod	Updated direct dependency github.com/evanphx/json-patch v4.12.0+incompatible → v5.9.11+incompatible; removed indirect github.com/pkg/errors v0.9.1 // indirect. No other go directive changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/github.com/evanphx/json-patch-5.9.11incompatible

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign theautoroboto for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

🚨 Major Version Update Detected 🚨

This PR contains a major version update that requires manual review:

• Dependency: github.com/evanphx/json-patch
• Previous version: 4.12.0+incompatible
• New version: 5.9.11+incompatible

Please review the changelog and breaking changes before merging.

Auto-merge has been disabled for this PR.

[github-actions]

🚨 Major Version Update Detected 🚨

This PR contains a major version update that requires manual review:

• Dependency: github.com/evanphx/json-patch
• Previous version: 4.12.0+incompatible
• New version: 5.9.11+incompatible

Please review the changelog and breaking changes before merging.

Auto-merge has been disabled for this PR.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 6: The go.mod entry for the dependency github.com/evanphx/json-patch is
pinned as v5.9.11+incompatible, indicating the upstream uses v5 semantics
without the proper /v5 import path; check the upstream repository for a proper
module v5 release (module path github.com/evanphx/json-patch/v5) and, if
available, update imports and go.mod to use the canonical v5 module path and
version (replace github.com/evanphx/json-patch v5.9.11+incompatible with
github.com/evanphx/json-patch/v5 v5.x.y), run go mod tidy and fix any import
lines that should change from github.com/evanphx/json-patch to
github.com/evanphx/json-patch/v5 across the codebase.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e3af32b6-abd0-4d29-9ee0-dfd87b9c54d6

📥 Commits

Reviewing files that changed from the base of the PR and between 36adfeb and 59d545d.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check for inconsistent import paths across the codebase

echo "=== Direct imports of github.com/evanphx/json-patch (unversioned) ==="
rg -n --type=go '"github\.com/evanphx/json-patch"' -C 2

echo -e "\n=== Direct imports of github.com/evanphx/json-patch/v5 (versioned) ==="
rg -n --type=go '"github\.com/evanphx/json-patch/v5"' -C 2

echo -e "\n=== Count of each import style ==="
echo -n "Unversioned imports: "
rg -c --type=go '"github\.com/evanphx/json-patch"' | wc -l
echo -n "Versioned (/v5) imports: "
rg -c --type=go '"github\.com/evanphx/json-patch/v5"' | wc -l

Repository: openshift/managed-cluster-validating-webhooks

Length of output: 653

---

The go.mod entry uses the +incompatible suffix, which indicates improper Go module versioning.

Line 6 shows github.com/evanphx/json-patch v5.9.11+incompatible. The +incompatible suffix means this library is using v5 semantics but without adopting the proper /v5 import path convention for Go modules v1.11+. The codebase correctly imports it as github.com/evanphx/json-patch (unversioned) in one location. The versioned path (github.com/evanphx/json-patch/v5) appearing in go.mod is a transitive dependency—this is normal and not a problem.

The concern is whether this library should be migrated to its proper versioned import path if the library maintainers have adopted that convention. Verify the upstream library's current status and consider updating the import if a properly-versioned version is available.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 6, The go.mod entry for the dependency
github.com/evanphx/json-patch is pinned as v5.9.11+incompatible, indicating the
upstream uses v5 semantics without the proper /v5 import path; check the
upstream repository for a proper module v5 release (module path
github.com/evanphx/json-patch/v5) and, if available, update imports and go.mod
to use the canonical v5 module path and version (replace
github.com/evanphx/json-patch v5.9.11+incompatible with
github.com/evanphx/json-patch/v5 v5.x.y), run go mod tidy and fix any import
lines that should change from github.com/evanphx/json-patch to
github.com/evanphx/json-patch/v5 across the codebase.

[github-actions]

🚨 Major Version Update Detected 🚨

This PR contains a major version update that requires manual review:

• Dependency: github.com/evanphx/json-patch
• Previous version: 4.12.0+incompatible
• New version: 5.9.11+incompatible

Please review the changelog and breaking changes before merging.

Auto-merge has been disabled for this PR.

[coderabbitai]

♻️ Duplicate comments (1)

go.mod (1)

6-6: ⚠️ Potential issue | 🟠 Major

Avoid mixed json-patch module paths (+incompatible and /v5) in the same module graph.

Line 6 pins github.com/evanphx/json-patch v5.9.11+incompatible while Line 36 also resolves github.com/evanphx/json-patch/v5 v5.9.11 indirectly. This split path usage is a maintainability risk and can lead to inconsistent behavior across packages that import different paths.

#!/bin/bash
# Verify whether both json-patch import paths are used and where.
# Expected:
# - Prefer a single canonical import path across the repo.
# - If both are present, plan migration to one path.

echo "=== go.mod entries ==="
rg -n -C2 'github\.com/evanphx/json-patch(/v5)?\s+v' go.mod

echo
echo "=== Direct Go imports: unversioned path ==="
rg -nP --type=go -C2 '"github\.com/evanphx/json-patch"'

echo
echo "=== Direct Go imports: /v5 path ==="
rg -nP --type=go -C2 '"github\.com/evanphx/json-patch/v5"'

As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 6, The go.mod currently mixes two import paths for the same
module (github.com/evanphx/json-patch and github.com/evanphx/json-patch/v5);
pick the canonical v5 path and migrate: remove the +incompatible entry and
add/replace it with github.com/evanphx/json-patch/v5 v5.9.11 in go.mod, update
all Go source imports from "github.com/evanphx/json-patch" to
"github.com/evanphx/json-patch/v5", then run go get/module tidy to reconcile
module graph and go vet/build to ensure no remaining unversioned imports; verify
with the provided grep/ripgrep checks for both import forms and fix any
remaining occurrences.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@go.mod`:
- Line 6: The go.mod currently mixes two import paths for the same module
(github.com/evanphx/json-patch and github.com/evanphx/json-patch/v5); pick the
canonical v5 path and migrate: remove the +incompatible entry and add/replace it
with github.com/evanphx/json-patch/v5 v5.9.11 in go.mod, update all Go source
imports from "github.com/evanphx/json-patch" to
"github.com/evanphx/json-patch/v5", then run go get/module tidy to reconcile
module graph and go vet/build to ensure no remaining unversioned imports; verify
with the provided grep/ripgrep checks for both import forms and fix any
remaining occurrences.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 94db09fa-e988-4c37-9e90-923721ea1a40

📥 Commits

Reviewing files that changed from the base of the PR and between 59d545d and 98badc1.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[openshift-ci]

@dependabot[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.